fsmithred wrote:

  I haven't tested this yet, because I have't been able to boot into my encrypted lvm install.

Have you tried using the Debian installer?
For LVM install I find it works flawlessly.

I did use d-i, but then I must have done something to break that system. It was just a test system in a VM. I tested again with a fresh install the next day, and I'm not able to reproduce the problem.

  I haven't tested this yet, because I have't been able to boot into my encrypted lvm install.

Have you tried using the Debian installer?
For LVM install I find it works flawlessly.

$ apt policy cryptsetup-modified-functions
cryptsetup-modified-functions:
  Installed: 2023.02.12
  Candidate: 2023.02.12
  Version table:
 *** 2023.02.12 100
        100 /var/lib/dpkg/status
     23.02.12 10
         10 http://deb.devuan.org/merged ceres/main amd64 Packages

Also, I noticed that this section still has a long timeout loop. In the past, I reduced the timeout to 1, I think. Is it still a problem?

_do_stop_remove() {
    local name="$1" i rv=0
    for i in 1 2 4 8 16 32; do
        remove_mapping "$name" 3<&- && break || rv=$?
        if [ $rv -eq 1 ] || [ $rv -eq 2 -a $i -gt 16 ]; then
            log_action_end_msg $rv
            break
        fi
        log_action_cont_msg "$name busy..."
        sleep $i
    done
}

 [ -x /sbin/lvm ] && /sbin/lvm vgchange -a n >/dev/null 2>&1

behind line 188 in /lib/cryptsetup/cryptdisks-functions

------------------to check -------------------------------------------

# diff -Naur cryptdisks-functions.orig cryptdisks-functions
--- cryptdisks-functions.orig   2023-01-31 21:00:09.967829315 +0100
+++ cryptdisks-functions        2023-02-11 20:17:49.665380782 +0100
@@ -186,6 +186,7 @@

 do_stop() {
     local devno_rootfs devno_usr
     dmsetup mknodes
+    [ -x /sbin/lvm ] && /sbin/lvm vgchange -a n >/dev/null 2>&1
     log_action_begin_msg "Stopping $INITSTATE crypto disks"
 
     devno_rootfs="$(get_mnt_devno /)" || devno_rootfs="" 

------------------to check/-------------------------------------------

I use a byzantine fstab with 13 entries for mounted lvs  - almost all mounted with different - very restrictive mount options ( with very sharp fitted excessive file space). /boot lives on an encrypted "real" gpt 512 MB partition. /home sits on a dm raid1 on a vg in an lv of it's own. All vgs sit on pvs on LUKS devices.
As systemd gets a hiccup on partition systems like this - this might cause side effects - as some programmers might be tempted to falsely rely on big "complete" root partitions...

One had an encrypted root partition and unencrypted /boot partition.
The other had encrypted lvm with unencrypted /boot partition, via Guided Partitioning in the installer.

I see no delay in shutdown with either system.

I can still update cryptsetup-modified-functions and build it for ceres/daedalus if there are cases where it's needed.
@devujan: Please put the final version you want me to use in a code box to make it easy for me. (so I don't screw it up.) Thanks.

     devno_rootfs="$(get_mnt_devno /)" || devno_rootfs=""

This version took the same ~ 6 seconds to shut down my desktop as the version looping over the vgs.
The lvm manual was right. :-)
I also counted the time for the original version and that was ~ 40 seconds to shutdown.
Thank you!

What makes me like (even realy ugly looking) sed code one liners over awk or shell loops is resource considerations.
This code is run once at shutdown. To me it is unlikely that parts of the code are somewhere cached in the CPU caches.
sed has an extremely small footprint (in memory and CPU usage).

Have you actually profiled the different versions to compare resource usage?

Sed itself may have a small footprint, but that means little with a regex pattern which backtracks several times.

The pattern can be fixed, but given the other overheads involved (subshell, scanning and parsing), is it worth it? I don't know, but I would suspect if list pipe loop to be more efficient than if subshell scan pipe parse if loop, and certainly I find it clearer and more readable.

*shrug* This may all be redundant...

Looking at man vgchange the VG name is an optional filter, so not sure why it is necessary to look them up and run the command once for each, when it can simply be run once without the filter for all:

[ -x /sbin/lvm ] && /sbin/lvm vgchange -a n >/dev/null 2>&1

?

Well, I have my desktop running with Daedalus, lightdm & Cinnamon, up-to-date, openrc and amd64, traditional unencrypted /boot, a luks-encrypted container holding a LVM for / and /swap. Working fine, just tried it, no shutdown delays.

Update: also checked my laptop running Daedalus with similar setup: no problems with shutdown delays.

I looked into my update history. The last update of the cryptsetup-stuff was before Chrismas. Why do we suddenly have a problem?

I set up a laptop for my smallest daughter in December with Daedalus and had the problem - and I renewed my desktop in January with the next netinstall.iso from Daedalus and had the same issue again. (Both with two VGs - the desktop has additional a raid 1 md device which caused also grub problems (but that is another story). Both FDE with separate /boot partition on LUKS1. Both with xfs (and few ext2) on lvm on LUKS2.)

On reflection, no need for Awk either, the whole change can potentially be simplified to:

[ -x /sbin/lvm ] && /sbin/lvm vgscan | while IFS=\" read -r _ vg _
do
   [ -n "$vg" ] && /sbin/lvm vgchange -a n "$vg" >/dev/null 2>&1
done

Or:

[ -x /sbin/lvm ] && /sbin/lvm vgs --options vg_name --noheadings | while read -r vg
do
   /sbin/lvm vgchange -a n "$vg" >/dev/null 2>&1
done

Dear boughtonp all your code suggestions look cool.
What makes me like (even realy ugly looking) sed code one liners over awk or shell loops is resource considerations.
This code is run once at shutdown. To me it is unlikely that parts of the code are somewhere cached in the CPU caches.
sed has an extremely small footprint (in memory and CPU usage).
This patch adds to 99% of all systems an additional slowdown of less than a 1ms during shutdown due to the check for lvm

 if [ -x /sbin/lvm ];

which I think is a fair deal, because 100% of all systems running lvm on top of LUKS will benefit from that with additional 120 seconds less waiting for a shutdown.
Because cryptsetup does check for open VGs living on LUKS devices and does oppose to a possible premature closing of those devices with the VGs still online.
(I like that kind of error caching.)
Usually I run my laptops with at least two different VGs each holding different PVs.
If you come up with a solution which is small, easy to read and faster than the one I wrote - may rolfie decide ....

Update: also checked my laptop running Daedalus with similar setup: no problems with shutdown delays.

I looked into my update history. The last update of the cryptsetup-stuff was before Chrismas. Why do we suddenly have a problem?

[ -x /sbin/lvm ] && /sbin/lvm vgscan | while IFS=\" read -r _ vg _
do
   [ -n "$vg" ] && /sbin/lvm vgchange -a n "$vg" >/dev/null 2>&1
done

Or:

[ -x /sbin/lvm ] && /sbin/lvm vgs --options vg_name --noheadings | while read -r vg
do
   /sbin/lvm vgchange -a n "$vg" >/dev/null 2>&1
done

+        vgs="$(/sbin/lvm vgscan | sed -n '/"/s/^.*"\([^'\'']*\)".*$/\1/p')"

Is there a reason this isn't just using vgs --options vg_name --noheadings ?

If so, that sed script is eugh. How about awk -F\" '/"/{print $2}' instead?

I guess I will be reviving the cryptsetup-modified-functions package for daedalus.

Outlook to Chimaera: there the issue is fixed.

rolfie

In Daedalus the problem is back....

--------------------------patch-----------------------------------------------
--- /lib/cryptsetup/cryptdisks-functions.orig   2023-01-31 21:00:09.967829315 +0100
+++ /lib/cryptsetup/cryptdisks-functions        2023-01-31 21:10:31.023816298 +0100
@@ -184,8 +184,16 @@
# Removes all mappings in crypttab, except the ones holding the root
# file system or /usr
do_stop() {
-    local devno_rootfs devno_usr
+    local devno_rootfs devno_usr vgs vg
     dmsetup mknodes
+       if [ -x /sbin/lvm ]; then
+        vgs="$(/sbin/lvm vgscan | sed -n '/"/s/^.*"\([^'\'']*\)".*$/\1/p')"
+         if [ -n "${vgs}" ]; then
+          for vg in ${vgs}; do
+           /sbin/lvm vgchange -a n ${vg} >/dev/null 2>&1
+          done
+         fi
+       fi
     log_action_begin_msg "Stopping $INITSTATE crypto disks"

     devno_rootfs="$(get_mnt_devno /)" || devno_rootfs=""
--------------------------patch/----------------------------------------------

Above patch mitigates the problem for me (Daedalus FDE && LVM).

Best wishes

Jan